Researchers use Hive ransomware’s own encryption algorithm to find master decryption key

Cash for ransomware

Security researchers have managed to use the encryption algorithm used by the Hive ransomware to determine the master key needed to decrypt files for free.

Ordinarily, victims of a Hive ransomware attack would have to pay up to receive their individual decryption key. But a team of researchers from the Department of Financial Information Security, at Korea’s Kookmin University, have been able to calculate the master key. This has then been used in what is believed to be the “first successful attempt at decrypting Hive ransomware”

See also:

Writing up their findings, Giyoon Kim, Soram Kim, Soojin Kang and Jongsung Kim say: “We analyzed Hive ransomware, which appeared in June 2021. Hive ransomware has caused immense harm, leading the FBI to issue an alert about it. To minimize the damage caused by Hive Ransomware and to help victims recover their files, we analyzed Hive Ransomware and studied recovery methods”.

They go on to explain:

By analyzing the encryption process of Hive ransomware, we confirmed that vulnerabilities exist by using their own encryption algorithm. We have recovered the master key for generating the file encryption key partially, to enable the decryption of data encrypted by Hive ransomware. We recovered 95 percent of the master key without the attacker’s RSA private key and decrypted the actual infected data. To the best of our knowledge, this is the first successful attempt at decrypting Hive ransomware. It is expected that our method can be used to reduce the damage caused by Hive ransomware.

Hive ransomware has been wreaking havoc since the middle of last year, and it is hoped that these latest findings will help to eliminate some of the financial cost it has caused.

More details can be seen in the full report which is available here.

Image credit: Nicescene/Shutterstock

Author: Martha Meyer